This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP Policy not being applied to endpoint(s)

We are using Sophos Central to manage our policies and Sophos Endpoint on Windows and Mac endpoints.  I'm trying to enable DLP, but it doesn't seem like the policies are being applied to the endpoint.

I've tried both user-based and computer-based policies.  

When I go into the Endpoint Diagnostics > Health State and look at the policies, I see a bunch of policies listed, but I don't see anything resembling DLP (See attached screenshot).

Is there something else I can look at to see what DLP might not be working?



This thread was automatically locked due to age.
Parents
  • Hello Jason Williams ,

    Please see these steps in order to create/edit DLP rules.
    Keep in mind that there are certain limitations to DLP that you may  need to take into account.

    If the issue persists, are other policies working as expected? Is the issue affecting multiple endpoints or just one?
    Also, please provide an example of a rule that you are testing, so I can test it on my end.

    REgarding macOS and DLP, please see this idea entry.
    Regards,



    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • I created two test policies.  One user based, one computer based.

    The user-based policy is using these built-in rules:

    They are set to check all destinations and allow transfer if user confirms.  I did not enable "Send me email alerts".

    The computer-based policy was created with the below built-in rules:

    As with the user policy, all destinations were selected and to allow transfer if user confirms.  Again, I did not enable "Send me email alerts".

    To test, I applied the policies to my user account and my computer (which is a Mac).

    When I transfer a test file with test PII data, nothing happens.  The copy/transfer completes successfully.  I do not get a popup requesting approval, and I do not see anything in Sophos Central indicating that any DLP policy violation occurred.

    Additionally, as I posted in my original question, based on the installed policy list in the Endpoint Protect Help section, it does not look like any DLP policies are being pushed to the Endpoint.

  • Hello Jason Williams,

    DLP is available for Windows only. Please have a look at the Table of supported policies by platform article for more details.
    There is already an idea/request for DLP and macOS here.

    Can you please test on a Windows endpoint and let me know if you encounter any issues?

    Also, if you provide the exact settings that you have for your rules, I will be happy to test them on my end as well.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Thank you for the information.  I DID NOT know that the Mac OS was not supported by DLP.  I did test the DLP policy on Windows, and it worked successfully with trying to copy to a USB drive and with attaching a document to an email attachment.

    One thing I did notice though is that it did not detect the a PII file being attached to an email via drag and drop.

Reply
  • Thank you for the information.  I DID NOT know that the Mac OS was not supported by DLP.  I did test the DLP policy on Windows, and it worked successfully with trying to copy to a USB drive and with attaching a document to an email attachment.

    One thing I did notice though is that it did not detect the a PII file being attached to an email via drag and drop.

Children